More Information
The definitive source for technical information on trusted computing is from the Trusted Computing Group website, where all the relevant specifications can be found. The following links are particularly useful:
- Trusted Platform Module documentation - including TPM specifications and other documentation
- Trusted Software Stack documentation - including TSS specification, architecture overview, etc.
- Latest TSS spec: TCG Software Stack (TSS) Specification, Version 1.2, Errata A
Direct Anonymous Attestation
There are several papers that can help you understant direct anonymous attestation. First, a good paper that gives background and basic definitions for group signatures:
Guiseppe Ateniese, Jan Camenisch, Marc Joye, and Gene Tsudik. "A Practical and Provably Secure Coalition-Resistant Group Signature Scheme", Proceedings of CRYPTO 2000, pages 255-270.The following paper describes a digital signature scheme that has an important property: it is designed to support efficient protocols that deal with signatures (including zero-knowledge proofs about signatures). This signature scheme is the basis for the DAA protocol:
Jan Camenisch and Anna Lysyanskaya. A Signature Scheme with Efficient Protocols (paper originally published in the 3rd International Conference on Security in Communication Networks)And last but not least is the DAA paper itself:
Ernie Brickell, Jan Camenisch, and Liqun Chen. "Direct Anonymous Attestation" (link to full version of the paper published at ACM CCS 2004)
Trusted Computing in Virtualization and Cloud Computing
In cloud computing, a remote computing resource is provided to a user, and the most challenging security question is this: How can we give the user some assurance that the remote computing resource provides an appropriately protected environment, safe even from attacks by a dishonest provider? Such remote environments are typically run in virtual machines, and so the integrity of this virtual machine environment is a very big issue in cloud computing. The following papers give an overview of security issues and trusted computing approaches when dealing with cloud computing and virtualization.
The following paper is from the TCG, and gives a very high-level overview of some cloud computing security issues and solutions based on trusted computing technology. The TCG obviously wants to promote their solutions, so this reads a little like an advertisement in spots, but the section on "Critical Areas for Cloud Computing" gives some good information at a very light level.
Trusted Computing Group. "Cloud Computing and Security -- A Natural Match," TCG whitepaper, April 2010.The next paper describes sHype, a virtual machine monitor (or hypervisor), that makes use of Intel and AMD hardware virtualization support. While that part doesn't have much to do with trusted computing, the paper does describe a very iteresting contribution: how to virtualize TPM services (primarily discussed on page 29):
R. Perez, L. van Doorn, and R. Sailer, "Virtualization and Hardware-Based Security," IEEE Security & Privacy Magazine, vol. 6, no. 5, pp. 24-31, 2008.The next paper is on Terra, a virtual machine based system developed at Stanford. This is a very well-written paper, and does an excellent job of explaining how a real system was designed and built that provides the benefits of trusted computing technology in a distributed, virtualized environment.
Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, and Dan Boneh. "Terra: a virtual machine-based platform for trusted computing." In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles (SOSP), 2003, pp. 193-206.I'm including the following paper because it is fairly recent, and looks specifically at cloud computing. I don't see how this does much more than the Terra system in the previous paper, but it's a short paper and worth reading:
Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues. "Towards Trusted Cloud Computing," Proceedings of the Workshop On Hot Topics in Cloud Computing (HotCloud), June 2009.